Skip to main content

How to blind your ISP & keep your data safe

(Image credit: Image source: Shutterstock/Carlos Amarillo)

Let’s just face the ugly truth — internet users no longer have the freedom to use the Internet without fearing someone somewhere going through their data. Worst still, you can’t even make phone calls without getting weird vibes about a mysterious someone listening in on your private conversations.

The unfortunate reality is that nothing is private anymore. The credit for this disservice goes to anti-privacy laws like the IP Bill in the UK, Broadband Privacy in the US, and Metadata Retention Law in Australia. Combined, these laws have transformed the internet into a digital hell, courtesy of the Senates and Governments. Let’s have a brief look at these laws to understand how they have impacted the digital landscape and our overall psychology.

1. The UK IP bill

The UK IP Bill, aka Investigatory Powers Act 2016, authorised telecommunication companies and Internet Service Providers (ISPs) to retain the online activities of Internet users and store it up to 1 year for legal proceedings.

This bill, also termed “snoopers charter bill”, also allows law enforcement agencies to break into a user’s device to access their private data. The bill also restricts companies from using encryption for their consumer applications. Not only this, it also allow ISPs to retain the Internet activities of their users, including their browsing history, app usage, social media usage, voicemails, online conversations, etc. for up to one year.

It also allows the Government to force companies to hack into or break things they've sold, so the users could be spied on. Furthermore, it disallows the use of encryption on devices being sold and used in the UK.

2. The US broadband privacy law

President Donald Trump signed into law the now-infamous Senate Joint Resolution 34, which “nullifies the Federal Communications Commission’s rule on privacy of customers of broadband and other telecommunications services.” The move was expected after the Senate and the House passed bills scrapping Obama-rea administration rule requiring ISPs to secure consumer's’ permission before using or selling data about their Internet use.

Consumer advocates are voicing their concerns and want the law to be overturned. Robert Weissman, president of advocacy group Public Citizen said that ISPs such as Comcast and Verizon will "have the right to track us while we are online and gather private information – including information about where we are, our finances, our health status, and much more – and sell it to marketers without our permission."

3.    Australia Metadata Retention Law

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, aka the data retention bill, has put an end to digital privacy in Australia. The bill has not just put digital privacy at risk, but also the privacy and security of every internet user in Australia.

The data retention bill was created in the name of equipping “Australia against emerging and evolving threats.” The bill legally authorises all ISPs in Australia to retain the metadata of its customers for up to two years.

As per the retention policy, ISPs have now complete statutory power to store the metadata of phone calls made by people in Australia. For instance, location from where the phone call is made, the number of the caller and the recipient, the time and date of the call, etc. will all be documented.

Apart from phone calls, the bill also allows ISPs to store browsing history and email activities of its users as well. For instance, an ISP can store the time and date of an email, the id of the recipient, and even the attached files.

Currently, the data retention is limited to certain metadata, but there is no telling when it can be extended to cover detailed browsing history, call conversations, chats, etc.

What’s more troubling is the thought of losing our data to a rogue ISP. After all, we cannot expect every ISP to be honest in their dealings. A dishonest ISP may agree to maintain privacy policies while handling our private information but behind the scenes, it may end up selling it to third-parties.

Regardless, it is not like we can’t keep our online privacy intact after the implementation of this new mass surveillance policy in Australia. Fortunately, there are some tried and tested ways to help us hide our digital data from ISPs for good.

·         Browse Anonymously

IP tracking is the primary way to track and monitor users on a network. Hence, the first countermeasure to stop ISP tracking and monitoring is to hide your real IP.

There are many ways you can browse the Internet anonymously. For starters, you may try using a VPN to conceal your real IP. It allows you to redirect your traffic through a different server while browsing, which ultimately makes it near impossible for ISPs to track the real IP address and the data exchanged.

You may also use popular services like TOR, aka The Onion Router. It is an anonymous browser that routes your traffic through a network of computers (nodes). It is like using a proxy on steroids, but it is way more secured than a simple proxy server.

It is imperative to understand that TOR isn’t for making your everyday browsing anonymous. Use it for activities that come under the umbrella of “sensitive information.” Also, don’t use TOR for large volume broadcasts such as p2p file sharing, etc.

·         Block Tracking Cookies

Cache tracking is yet another way your online activities are tracked and monitored. You may use browser add-ons or extensions to block all the non-consensual trackers used by websites to track on-site user behavior. You may, in fact, find tracker blockers that block even analytical tools from monitoring your on-site activities.

·         Use HTTPS

Encryption is perhaps the best way to make sure your online identity is safe. You may use encryption tools like the HTTPS Everywhere extension that turns a non-encrypted URL to an encrypted HTTPS if a website supports it. The HTTPS may not hide the website itself from the ISP but it will hide the activity you do on the website because of an encrypted connection to the server.

 ·         Encrypt Phone Calls

Since these laws also include your phone call metadata such as caller and recipient id, time of call, etc., it is imperative that you add encryption to your phone conversations as well. For encrypting voice calls, you may try end-to-end mobile encryption apps for voice calls and text.

The solutions mentioned above are better than nothing, it will definitely save you from everyday regular cyberattacks.

Anas Baig, Cyber Security Journalist
Image source: Shutterstock/Carlos Amarillo

Anas Baig
Anas Baig is a Cyber Security Journalist by profession with a profound interest in online privacy & security & IoT.